<div>
First of all, move to Postini. It will be one of the smartest things you can do. You will have a great amount of granularity in the way you can control what goes in (and out if you choose). Uninstall Symantec!<br />
<br />
Setting up a SPF record is quick and easy, and even if it only blocks 50% or 10% its worth it.<br />
<br />
Use this: <a href="http://old.openspf.org/wizard.html" rel="ugc">http://old.openspf.org/wizard.html</a><br />
<br />
Publish it as a TXT in DNS record. Your DNS provider (probably) will know what to do with it.<br />
<br />

</div>


<div>
Will postini block NDR spam? <br />
Symantec has told me since these are NDR messages from legitimate domains they won't block them. <br />
<br />
Also I don't mind setting up SPF, but it still isn't a solution. I can't tell my cleint that everything is fixed if we are only blocking 50% of 1000 NDR spam messages. 
</div>


<div>
Right, it isn't a solution (SPF) but it is part of it.<br />
<br />
Here is Postini's brief on NDR SPAM.<br />
<br />
<a href="http://www.postini.com/webdocs/rel_notes/announce/bulletin_ndr.pdf" rel="ugc">http://www.postini.com/webdocs/rel_notes/announce/bulletin_ndr.pdf</a>
</div>


<div>
thanks<br />
I read the postini info on blocking incoming NDR. It doesn't seem like a 100% solution either<br />
<br />
Turn on Non-Account Bouncing to protect your users<br />
&nbsp;- This only stops the server from accepting mail for non users<br />
Use Content Manager to filter NDRs<br />
- This just blocks on key words in the subject, which seem to change<br />
Use the new NDR filter enabled with a batch command<br />
- this blocks on the sending mail server which also changes<br />
<br />

</div>


<div>
What about just blocking all incomming NDR messages. Is there a way to do that?<br />
thanks<br />

</div>


<div>
No. Not that I have ever found.
</div>


<div>
uid94130:<br />
&nbsp; &nbsp;I see what you are saying, but this doesn't seem like a viable option. <br />
Telling the CEO we are chanigng his outgoing email address isn't going to fly. Especailly as we'd have to change it agian in 6 months when NDR spammers start using the new email address.<br />
<br />
grblades:<br />
This looks like a good solution. Will this work on Windows? We are running all windows machines. If it would solve the problem I'd put in a Linux box, though I have barely used linux
</div>


<div>
Spamassassin can be run under Windows as it is just written in perl however its rare that it is run under windows and there can always be compatibility problems.<br />
<br />
I would highly recommend that you run it under Linux.<br />
I would suggest using Centos as it is basically the free version of redhat enterprise and has a long lifecycle so wont go out of date.<br />
I would install Postfix from the installation media and then go to <a href="http://www.mailscanner.info" rel="ugc">http://www.mailscanner.info</a>&nbsp;and download and install the MailScanner software and the combined clamav/spamassassin package.<br />
<br />
How to configure postfix and even configuring postfix to use recipient verification is detailed on the mailscanner website. Recipient verification is very usefull as it enables the spam box to reject mail to invalid users straight away.<br />
<br />
If you use Mailscanner then what you can do is make use of its watermark feature. All emails sent out through it have a watermark placed in the headers. Any valid replies are then permitted back in and bypass spam checks which is very usefull. One side effect of this is the additional option to class all non delivery receipts without a watermark as being spam which is exactly what you want and avoids you having to configure the vbounce plugin.<br />
<br />
What I like about mailscanner is its advanced configuration options. For example I have spam with a score 5-10 marked as {probably spam] in the subject so users can pay a bit more intention to them as they could possibly be false alerts. Spam with a score 10-20 is marked as spam while anything over a score of 20 is deleted and not even delivered. This combined with using the spamhaul RBL in postfix means that the amount of spam people receive in their mailbox is reduced by about 90% with practically all of the other spam being marked as such and filtered into their spam mailbox.<br />
<br />
I have my setup detailed at <a href="http://www.gbnetwork.co.uk/mailscanner" rel="ugc">http://www.gbnetwork.co.uk/mailscanner</a><br />
As I often say running your own antispam system can get you far better results that a hosted solution but the more complex it is the better the system tends to work but it can be daunting if you are new to it.
</div>


<div>
Take a look at a product called Alligate, <a href="http://www.alligate.com" rel="ugc">http://www.alligate.com</a>. It is an anti-spam gateway for Windows servers that has automatic backscatter protection and this is what you need. It will not block the occasional, legitimate NDR, however it will kick in when it detects &nbsp;some spammer is using forged addresses that happen to belong to your users. Backscatter can cripple an innocent users mailbox and sometimes number into the thousands in a short period of time. It can also seriously degrade performance of your mail server unless it was built to withstand occasional heavy use. I would not recommend wholesale blocking of NDRs. While that is unlikely to get you blacklisted, it simply is not good practice. There is always going to be that one email that was mis-addressed and something important will be missed. The important thing is you don't need to sacrifice having a properly performing mail server to keep the garbage out. There are tools like this that can make these problems simply go away without even thinking about it again. 
</div>


<div>
We have a 100% solution for NDR , the blocking non users is not the answer , you need to block ndr all together. Our services support , Non Users , NDR and Grey Listing.<br />
<br />
You may contact us at <a href="http://www.ParagonHost.com" rel="ugc">http://www.ParagonHost.com</a>&nbsp;<br />
<br />
Cheers, <br />
<br />
Dave
</div>


<div>
Based on the Applicance price , for 10 users you may want to goto an outside MX filter service as a few users noted here.<br />
<br />
The Spam Busters can block NDR's by &quot;treating&quot; them as spam , they can also do Grey Listing all for about 2 bucks per person.<br />
<br />
There web site is <a href="http://www.paragonhost.com" rel="ugc">http://www.paragonhost.com</a>&nbsp;, contact me if you want to know more - I have used TSB for the past 5 years.<br />
<br />
Email me at teldata [at] gmail [dot] [com]<br />
<br />
Cheers, <br />
<br />
Dave 
</div>


<div>
<div class="content wysiwyg-content">
Hi,<br />
&nbsp; &nbsp;I have a cleint getting hit with a lot of NDR spam / NDR spoofing lately. The CEO got hit with 1000 in one day!<br />
I've been looking at ways of blocking NDR spam, but so far nothing seems like it will work for sure. <br />
<br />
At this point I just want to turn off all incoming NDR messages. I realize that this will block legit NDR notices when an internal user mistypes an address. For now it's the lesser of the evils. <br />
I can't seem to find out how to do this. We are using Windows Small Business Server 2003 SP2 with Exchange 2003 SP2 and Symantec Mail Security for Exchange 5. We are thinking of movig to Symantec Hosted Mail Security or Postini. <br />
<br />
I've read somewhere that blocking NDR's can get you blacklisted. Is this true? Seems strange if so. <br />
<br />
People have mentioned using SPF records, but the effectivness will be based on how many external companies are checking SPF. I get the feel its under 50% meaning it will not do much good. <br />
<br />
I did find this spam applaince and talked tech support. It appears this would work to block NDR spam, but the appliance is $2000 and licenses are $1300 a yr making it to expensive for a company of 10 people. <br />
<a href="http://www.sendio.com" rel="ugc">www.sendio.com</a><br />

</div>
</div>


Hi,
   I have a cleint getting hit with a lot of NDR spam / NDR spoofing lately. The CEO got hit with 1000 in one day!
I've been looking at ways of blocking NDR spam, but so far nothing seems like it will work for sure. 

At this point I just want to turn off all incoming NDR messages. I realize that this will block legit NDR notices when an internal user mistypes an address. For now it's the lesser of the evils. 
I can't seem to find out how to do this. We are using Windows Small Business Server 2003 SP2 with Exchange 2003 SP2 and Symantec Mail Security for Exchange 5. We are thinking of movig to Symantec Hosted Mail Security or Postini. 

I've read somewhere that blocking NDR's can get you blacklisted. Is this true? Seems strange if so. 

People have mentioned using SPF records, but the effectivness will be based on how many external companies are checking SPF. I get the feel its under 50% meaning it will not do much good. 

I did find this spam applaince and talked tech support. It appears this would work to block NDR spam, but the appliance is $2000 and licenses are $1300 a yr making it to expensive for a company of 10 people. 
www.sendio.com


How to block incoming NDR messages?

Interactions between email servers and clients are governed by email protocols. The three most common email protocols are POP, IMAP and MAPI. Most email software operates under one of these (and many products support more than one).  The correct protocol must be selected, and correctly configured, if you want your email account to work.

Email Protocols

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.